package com.itmuch.contentcenter.auth;

import com.itmuch.contentcenter.utils.JwtOperator;
import io.jsonwebtoken.Claims;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.reflect.MethodSignature;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import java.lang.reflect.Method;
import java.util.Objects;

@Aspect
@Component
public class AuthAspect {

    @Resource
    private JwtOperator jwtOperator;

    @Around(value = "@annotation(com.itmuch.contentcenter.auth.CheckLogin)")
    public Object checkLogin(ProceedingJoinPoint proceedingJoinPoint) throws Throwable {
            this.checkLogin();
            return proceedingJoinPoint.proceed();
    }

    public void checkLogin() {
        try {
            HttpServletRequest request = getHttpServletRequest();
            String token = request.getHeader("Token-X");

            if (!jwtOperator.validateToken(token)){
                throw new SecurityException("token不合法");
            }
            Claims claims = jwtOperator.getClaimsFromToken(token);
            request.setAttribute("id",claims.get("id"));
            request.setAttribute("wxNickname",claims.get("wxNickname"));
            request.setAttribute("role",claims.get("role"));
        } catch (Throwable e) {
            throw new SecurityException("Token不合法",e);
        }
    }

    public HttpServletRequest getHttpServletRequest() {
        RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
        ServletRequestAttributes servletRequestAttributes = (ServletRequestAttributes) requestAttributes;
        assert servletRequestAttributes != null;
        return servletRequestAttributes.getRequest();
    }

    @Around(value = "@annotation(com.itmuch.contentcenter.auth.CheckAuthorization)")
    public Object checkAuthorization(ProceedingJoinPoint joinPoint) throws Throwable {
        this.checkLogin();
        try {
            HttpServletRequest httpServletRequest = this.getHttpServletRequest();
            String role = (String) httpServletRequest.getAttribute("role");
            MethodSignature signature = (MethodSignature) joinPoint.getSignature();
            Method method = signature.getMethod();
            CheckAuthorization annotation = method.getAnnotation(CheckAuthorization.class);
            String annotationRole = annotation.value();
            if (!Objects.equals(role, annotationRole)) {
                throw new SecurityException("角色不合法");
            }
        }catch (Throwable throwable){
            throw new SecurityException("程序执行异常"+throwable.toString());
        }
        return joinPoint.proceed();
    }

}
